EU General Data Protection Regulation, a new era in data protection
The European Union data privacy landscape is about to undergo dramatic change, with lasting enterprise-wide implications for the way that organisations handle, protect and use the personal data of EU individuals. Organisations of all sizes, across all industries and geographies, that process the personal data of EU residents need to take steps now to comply with the new EU General Data Protection Regulation by 2018, to satisfy management fiduciary duties and avoid potentially costly penalties.
Kevin P. Kalinich, Esq., Global Cyber Practice Leader, Aon Risk Solutions

The European Union General Data Protection Regulation (EU GDPR) is set to come into effect on the 25th of May 2018 and will strengthen the rights of individuals online, while creating significant obligations for businesses operating in an increasingly connected world. The regulation applies to information which directly or indirectly identifies an individual, including customer lists, contact details, genetic/biometric data, and online identifiers such as IP addresses. While the EU GDPR builds on the prior EU Data Protection Directive, it brings significant changes in several areas. All organisations globally that process personal data, either in relation to the offering of goods or services or the monitoring of the activities of EU residents, will need to comply.

The new regulation will require organisations to strengthen existing controls, implement new processes and procedures, and document, embed and evidence them appropriately. Organisations will also have to consider the best ways of enabling individuals to exercise their rights surrounding their personal data and its use. The EU GDPR is therefore a game-changer when it comes to the collection, processing and storage of personal data, and one with global implications.
As such, organisations need to evaluate their existing position, prepare for the impending changes, and ensure their data protection systems are robust going forward.

Requirements

The business changes needed to comply with the EU GDPR will vary from organisation to organisation; however, they are likely to be significant. For instance, organisations should only collect the personal data needed to fulfil specific, documented purposes, and only where there is a permitted basis under the GDPR for the collection. Public authorities, organisations processing large amounts of special categories of data, and organisations whose core activities involve the regular and systematic monitoring of individuals must appoint a data protection officer with expert knowledge. A new concept of accountability will require organisations to embed privacy controls into their operations and conduct mandatory privacy-risk impact assessments for any new project likely to result in a high risk to individuals' privacy. Organisations will also have to demonstrate that data protection is a board-level issue, with documented and operational controls to mitigate risks.
The EU GDPR introduces a 72-hour notification requirement for all personal data breaches, except those which are unlikely to pose a risk to individuals. In the case of serious incidents, there will also be a duty to notify the affected individuals of the breach. Currently, the EU only requires organisations in certain sectors or countries to notify regulators of breaches or cyber attacks.

Fines for non-compliance with the EU GDPR will increase to as much as EUR 20 million or, if higher, 4% of an organisation's annual global turnover. This is a significant escalation from the current penalties under existing data protection laws. Fines for serious violations have the potential to reach the billions for large, global companies.

The EU GDPR will create significant challenges for business, particularly following a loss or exposure of personal data after the effective date of 25th May 2018. Here we explore a couple of potential fictional scenarios.

Scenario of a European retail company with headquarters in Brussels

A retail company based in Belgium, with operations in Belgium, France and the Netherlands, takes a proactive approach to the EU GDPR. Handling customer data from its Brussels headquarters, the company implements tough new security measures to limit any loss of personal data, appoints a data security officer and conducts a top-down assessment of its data privacy measures. Some time after the EU GDPR has come into effect, the firm suffers a cyber attack that results in the loss of a large cache of personal data. The attack exposes weaknesses in the firm's controls, particularly in relation to the deletion of personal data no longer required for business operations or record keeping. However, the firm's incident response team responds effectively to the attack, notifying the Belgian regulator and the affected individuals as required.
While the firm is now liable to censure by the Belgian regulator, and potentially by regulators in the other territories in which it operates, the penalties it faces are reduced in light of its proactive approach to data privacy protection and its efforts to comply with the EU GDPR.

Scenario of a US-headquartered global pharmaceutical firm

A US-headquartered pharmaceutical company, with offices and factories throughout the world, is a conglomerate formed from the mergers of several smaller institutions over the course of the past 15 years. Because of this, and because of some incompatible IT, accounting and financial systems, the company's approach to the GDPR has been fragmented, with several parallel efforts having been conducted with limited oversight from headquarters. Shortly after the EU GDPR has come into effect, data protection authorities in three EU countries receive complaints from employees of a recently acquired entity that their personal data has been unlawfully transferred to the US. The acquired entity was previously headquartered in an EU country, but post-merger the HR and operational administration of its employees and their personal information was transferred to the appropriate departments in the US, for reasons of efficiency.
After a detailed investigation, one of the regulators finds that, after a two-year process, there were insufficient controls, care and protection placed around the personal information of the affected employees, and that there are several similar issues affecting other groups of employees. Given the widespread nature of the violations, the DPA seeks to impose a fine based on a percentage of the group's worldwide turnover rather than the local entity's turnover.

These scenarios might be fictional right now, but they could become reality in the near future, and with only a 12-month period to prepare, organisations are advised to make sure they are ready for the new regulatory requirements. Given the significance of the changes and the increased enforcement powers of regulators, business leaders need to ensure they are taking steps to comply with the impending rules.

Action checklist

We have outlined ten steps to help businesses prepare:

1. The board should be accountable for data protection and ensure data protection risks receive ongoing attention and review from the C-suite.
2. Perform a risk analysis on new projects to identify privacy risks and necessary mitigation measures, and assess the appropriate technical and organisational measures required (DPIA = Data Protection Impact Assessment).
3. Create a data-processing register detailing what data is held by the company, how it is held and transferred, what it is used for and by whom.
4. Classify personal information in terms of risk, to comply with data retention periods, and establish a procedure to erase data when the retention period has passed.
5. Evaluate and actively manage existing contracts with third-party service providers with whom you share personal data on an ongoing basis, to ensure they include all of the mandatory obligations prescribed by the EU GDPR.
6. Establish, embed and test a procedure to handle personal data incidents.
7. Increase the privacy awareness of your employees.
8. Ensure employees can recognise and respond appropriately to requests from data subjects seeking to exercise their rights under the EU GDPR (for example: right to object, right to be forgotten). Any processes for responding to such rights should be clearly documented and embedded into business practices.
9. Determine and document whether your organisation should have a Data Protection Officer.
10. Review and amend privacy statements and notices to meet the enhanced transparency requirements.
Common pitfalls

As with any change within an organisation, there are various challenges to navigate. When implementing the EU GDPR, be aware of and avoid the following common pitfalls:

1. Not having a clear understanding of where and how personal data is stored, how it moves around your enterprise, how it is protected and how it is deleted once no longer required.
2. Underestimating the challenges of implementing a robust, effective programme for data subject rights, such as subject access requests and requests to delete personal data.
3. Not having an enterprise-wide incident response plan in place. The plan should incorporate escalation plans and nominated advisors covering all required stakeholders, including business operations, legal, PR, and key third parties such as the IT service providers on whom you rely.
4. Failing to consider supplier and third-party data protection management on an ongoing basis.
5. Failing to implement and maintain internal training programmes and procedures.

Conclusion

Addressing the EU GDPR will require careful consideration and coordination by internal stakeholders, likely with the use of external resources, in order to accommodate the multi-faceted nature of the issue. The actions detailed above will be best served by parallel work streams, with attention to task dependencies and crossover. This can be a challenging task to manage given the limited time left to comply. The organisations that will progress most smoothly will be those that commit significant resource and secure senior buy-in early in the process, and that do not underestimate the tasks ahead. Now is the time to consider the implications of the EU GDPR and to prepare and respond in a manner that is proportionate to the nature of your business. Data and individual privacy rights are increasingly significant issues facing firms globally, and the EU GDPR sets the tone for future data privacy standards that will have increasingly global implications.
Contacts

Alexander Carte, Managing Director, Stroz Friedberg, +44 (0)
Adam Peckman, Global Cyber Risk Consulting Practice Leader, +44 (0)
Vanessa Leemans, Global Cyber Chief Operating Officer, t +44 (0), vanessa.leemans@aon.co.uk
Kevin Kalinich, Global Cyber Practice Leader, kevin.kalinich@aon.com
More informationInformation Governance Strategic Management Framework
Information Governance Strategic Management Framework 2016-2018 Susan Meakin Information Governance Manager June 2016 Information Governance DOCUMENT CONTROL: Version: 2 Ratified by: Health Informatics
More informationIncreasing the Intensity and Effectiveness of Supervision
Increasing the Intensity and Effectiveness of Supervision Consultative Document Guidance on Supervisory Interaction with Financial Institutions on Risk Culture 18 November 2013 Table of Contents Page
More informationEU General Data Protection Regulation (GDPR) Tieto s approach and implementation
EU General Data Protection Regulation (GDPR) Tieto s approach and implementation GDPR roles and positions Data subjects Information on processing Consent or other basis for processing Right requests High
More informationComments by the Centre for Information Policy Leadership. on the Article 29 Data Protection Working Party s
Comments by the Centre for Information Policy Leadership on the Article 29 Data Protection Working Party s Guidelines for identifying a controller or processor s lead supervisory authority adopted on 13
More informationData Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPR Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 29 September 2016 www.itgovernance.co.uk Introduction Adrian Ross GRC Consultant Infrastructure services Business
More informationNew EU-GDPR: Challenges for Universities and Research Organisations
New EU-GDPR: Challenges for Universities and Research Organisations Prof. Dr. Ing. Ramin Yahyapour CIO Georg-August-Universität Göttingen and University Medical Centre Director GWDG EUNIS workshop for
More informationGDPR Physical Security and Privacy Safeguards
GDPR Physical Security and Privacy Safeguards The European Union General Data Protection Regulation (GDPR) requires organizations worldwide to rethink how they access, use and maintain personal data. This
More informationParliament of Romania Chamber of Deputies Committee for information technologies and communications
Parliament of Romania Chamber of Deputies Committee for information technologies and communications The reform of the EU Data Protection framework Building trust in a digital and global world 9/10 October
More informationIMPLEMENTATION GUIDELINES FOR THE PRINCIPLES ON FREEDOM OF EXPRESSION AND PRIVACY
Contents IMPLEMENTATION GUIDELINES FOR THE PRINCIPLES ON FREEDOM OF EXPRESSION AND PRIVACY 1. Purpose of This Document 2. Responsible Company Decision Making 3. Freedom of Expression and Privacy 4. Multi-Stakeholder
More informationBUSINESS COMPLIANCE WITH COMPETITION RULES
28 November 2011 BUSINESS COMPLIANCE WITH COMPETITION RULES KEY MESSAGES 1 2 3 Competition provides the best incentive for efficiency, encourages innovation and guarantees consumers the best choice for
More informationGeneral Data Protection Regulation and Episerver Learn how to leverage your organization s data to support GDPR compliance.
General Data Protection Regulation and Episerver Learn how to leverage your organization s data to support GDPR compliance. Page 2 What is General Data Protection Regulation? What The general data protection
More informationA Parish Guide to the General Data Protection Regulation (GDPR)
A Parish Guide to the General Data Protection Regulation (GDPR) What s happening and why is it important? The law is changing. Currently, the Data Protection Act 1998 governs how you process personal data
More informationVendor Agreements and the New EU GDPR Steps to Take Now
Presenting a live 90-minute webinar with interactive Q&A Vendor Agreements and the New EU GDPR Steps to Take Now Complying With the EU General Data Protection and Privacy Regulation TUESDAY, JANUARY 30,
More informationnpliance IN 2008, MICROSOFT CORP. WAS FINED 899 MILLION Auditing for
IN 2008, MICROSOFT CORP. WAS FINED 899 MILLION EUROS (US $1.15 BILLION) BY EUROPEAN UNION REGULATORS for failing to comply with a 2004 antitrust order. The previous year, DaimlerChrysler paid a US $30
More informationPRA RULEBOOK: CRR FIRMS NON-CRR FIRMS: INDIVIDUAL ACCOUNTABILITY INSTRUMENT (NO 3) 2015
PRA RULEBOOK: CRR FIRMS NON-CRR FIRMS: INDIVIDUAL ACCOUNTABILITY INSTRUMENT (NO 3) 2015 Powers exercised A. The Prudential Regulation Authority ( PRA ) makes this instrument in the exercise of the following
More informationA recording of this webinar and the slides will be made available within a week of this event To listen in, please make sure the sound on your
A recording of this webinar and the slides will be made available within a week of this event To listen in, please make sure the sound on your computer is un-muted and your speakers are turned on/headphones
More informationEU-GDPR and the cloud. Heike Fiedler-Phelps January 13, 2018
. EU-GDPR and the cloud Heike Fiedler-Phelps January 13, 2018 Disclaimer SAP does not provide legal advice The following presentation is only about a high level discussion about GDPR. 2 EU-GDPR Summary
More informationThe new EU data protection Regulation: The business opportunity beyond legal compliance. Kalliopi Spyridaki Chief Privacy Strategist, Europe
The new EU data protection Regulation: The business opportunity beyond legal compliance Kalliopi Spyridaki Chief Privacy Strategist, Europe Content The GDPR: background, content & principles What does
More informationWorking toward GDPR compliance. Insights from a SAS survey and an end-to-end approach
Working toward GDPR compliance Insights from a SAS survey and an end-to-end approach Compliance doesn t have to be a scary word even when facing the multifaceted challenges of meeting the European Union
More information